azure-docs-sdk-java/docs-ref-autogen/com.azure.identity.ClientCertificateCredential.yml

### YamlMime:JavaType
uid: "com.azure.identity.ClientCertificateCredential"
fullName: "com.azure.identity.ClientCertificateCredential"
name: "ClientCertificateCredential"
nameWithType: "ClientCertificateCredential"
summary: "The ClientCertificateCredential acquires a token via service principal authentication."
inheritances:
- "<xref href=\"java.lang.Object?displayProperty=fullName\" data-throw-if-not-resolved=\"False\" />"
inheritedClassMethods:
- classRef: "java.lang.<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html\">Object</a>"
  methodsRef:
  - "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#clone--\">clone</a>"
  - "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#equals-java.lang.Object-\">equals</a>"
  - "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#finalize--\">finalize</a>"
  - "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#getClass--\">getClass</a>"
  - "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#hashCode--\">hashCode</a>"
  - "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#notify--\">notify</a>"
  - "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#notifyAll--\">notifyAll</a>"
  - "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#toString--\">toString</a>"
  - "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait--\">wait</a>"
  - "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait-long-\">wait</a>"
  - "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait-long-int-\">wait</a>"
syntax: "public class **ClientCertificateCredential**</br> implements <xref href=\"com.azure.core.credential.TokenCredential?alt=com.azure.core.credential.TokenCredential&text=TokenCredential\" data-throw-if-not-resolved=\"False\" />"
methods:
- uid: "com.azure.identity.ClientCertificateCredential.getToken(com.azure.core.credential.TokenRequestContext)"
  fullName: "com.azure.identity.ClientCertificateCredential.getToken(TokenRequestContext request)"
  name: "getToken(TokenRequestContext request)"
  nameWithType: "ClientCertificateCredential.getToken(TokenRequestContext request)"
  parameters:
  - name: "request"
    type: "<xref href=\"com.azure.core.credential.TokenRequestContext?alt=com.azure.core.credential.TokenRequestContext&text=TokenRequestContext\" data-throw-if-not-resolved=\"False\" />"
  syntax: "public Mono<AccessToken> getToken(TokenRequestContext request)"
  returns:
    type: "<a href=\"https://projectreactor.io/docs/core/release/api/reactor/core/publisher/Mono.html\">Mono</a>&lt;<xref href=\"com.azure.core.credential.AccessToken?alt=com.azure.core.credential.AccessToken&text=AccessToken\" data-throw-if-not-resolved=\"False\" />&gt;"
- uid: "com.azure.identity.ClientCertificateCredential.getTokenSync(com.azure.core.credential.TokenRequestContext)"
  fullName: "com.azure.identity.ClientCertificateCredential.getTokenSync(TokenRequestContext request)"
  name: "getTokenSync(TokenRequestContext request)"
  nameWithType: "ClientCertificateCredential.getTokenSync(TokenRequestContext request)"
  parameters:
  - name: "request"
    type: "<xref href=\"com.azure.core.credential.TokenRequestContext?alt=com.azure.core.credential.TokenRequestContext&text=TokenRequestContext\" data-throw-if-not-resolved=\"False\" />"
  syntax: "public AccessToken getTokenSync(TokenRequestContext request)"
  returns:
    type: "<xref href=\"com.azure.core.credential.AccessToken?alt=com.azure.core.credential.AccessToken&text=AccessToken\" data-throw-if-not-resolved=\"False\" />"
type: "class"
desc: "The ClientCertificateCredential acquires a token via service principal authentication. It is a type of authentication in Azure that enables a non-interactive login to [Microsoft Entra ID][], allowing an application or service to authenticate itself with Azure resources. A Service Principal is essentially an identity created for an application in Microsoft Entra ID that can be used to authenticate with Azure resources. It's like a \"user identity\" for the application or service, and it provides a way for the application to authenticate itself with Azure resources without needing to use a user's credentials. [Microsoft Entra ID][] allows users to register service principals which can be used as an identity for authentication. A client certificate associated with the registered service principal is used as the password when authenticating the service principal. The ClientCertificateCredential acquires an access token with a client certificate for a service principal/registered Microsoft Entra application. The tenantId, clientId and clientCertificate of the service principal are required for this credential to acquire an access token. It can be used both in Azure hosted and local development environments for authentication. For more information refer to the [conceptual knowledge and configuration details][].\n\nAs a pre-requisite, a service principal is required to use this authentication mechanism. If you don't have a service principal, refer to [create a service principal with Azure CLI. ][create a service principal with Azure CLI.]\n\n**Sample: Construct a simple ClientCertificateCredential**\n\nThe following code sample demonstrates the creation of a <xref uid=\"com.azure.identity.ClientCertificateCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ClientCertificateCredential\"></xref>, using the <xref uid=\"com.azure.identity.ClientCertificateCredentialBuilder\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ClientCertificateCredentialBuilder\"></xref> to configure it. The `tenantId`, `clientId` and `certificate` parameters are required to create <xref uid=\"com.azure.identity.ClientCertificateCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ClientCertificateCredential\"></xref>. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.\n\n```java\nTokenCredential clientCertificateCredential = new ClientCertificateCredentialBuilder()\n     .tenantId(tenantId)\n     .clientId(clientId)\n     .pemCertificate(\"<PATH-TO-PEM-CERTIFICATE>\")\n     .build();\n```\n\n**Sample: Construct a ClientCertificateCredential using <xref uid=\"\" data-throw-if-not-resolved=\"false\" data-raw-source=\"ByteArrayInputStream\"></xref>**\n\nThe following code sample demonstrates the creation of a <xref uid=\"com.azure.identity.ClientCertificateCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ClientCertificateCredential\"></xref>, using the <xref uid=\"com.azure.identity.ClientCertificateCredentialBuilder\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ClientCertificateCredentialBuilder\"></xref> to configure it. The `tenantId`, `clientId` and `certificate` parameters are required to create <xref uid=\"com.azure.identity.ClientSecretCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ClientSecretCredential\"></xref>. The `certificate` in this example is configured as a <xref uid=\"\" data-throw-if-not-resolved=\"false\" data-raw-source=\"ByteArrayInputStream\"></xref>. This is helpful if the certificate is available in memory via a cert store.\n\n```java\nByteArrayInputStream certificateStream = new ByteArrayInputStream(certificateBytes);\n TokenCredential certificateCredentialWithStream = new ClientCertificateCredentialBuilder()\n     .tenantId(tenantId)\n     .clientId(clientId)\n     .pemCertificate(certificateStream)\n     .build();\n```\n\n**Sample: Construct a ClientCertificateCredential behind a proxy**\n\nThe following code sample demonstrates the creation of a <xref uid=\"com.azure.identity.ClientCertificateCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ClientCertificateCredential\"></xref>, using the <xref uid=\"com.azure.identity.ClientCertificateCredentialBuilder\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ClientCertificateCredentialBuilder\"></xref> to configure it. The `tenantId`, `clientId` and `certificate` parameters are required to create <xref uid=\"com.azure.identity.ClientSecretCredential\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.identity.ClientSecretCredential\"></xref>. THe `proxyOptions` can be optionally configured to target a proxy. Once this credential is created, it may be passed into the builder of many of the Azure SDK for Java client builders as the 'credential' parameter.\n\n```java\nTokenCredential certificateCredential = new ClientCertificateCredentialBuilder()\n     .tenantId(tenantId)\n     .clientId(clientId)\n     .pfxCertificate(\"<PATH-TO-PFX-CERTIFICATE>\", \"P@s$w0rd\")\n     .proxyOptions(new ProxyOptions(Type.HTTP, new InetSocketAddress(\"10.21.32.43\", 5465)))\n     .build();\n```\n\n\n[Microsoft Entra ID]: https://learn.microsoft.com/entra/fundamentals/\n[conceptual knowledge and configuration details]: https://aka.ms/azsdk/java/identity/clientcertificatecredential/docs\n[create a service principal with Azure CLI.]: https://aka.ms/azsdk/java/identity/serviceprincipal/create/docs"
implements:
- "<xref href=\"com.azure.core.credential.TokenCredential?alt=com.azure.core.credential.TokenCredential&text=TokenCredential\" data-throw-if-not-resolved=\"False\" />"
metadata: {}
package: "com.azure.identity"
artifact: com.azure:azure-identity:1.13.3